authorFranck Bui <fbui@suse.com>2018-09-10 14:17:32 +0200
committerLennart Poettering <lennart@poettering.net>2018-09-11 00:34:00 +0200
commit03d0f4b58ee9fc5d80de7d068613de7c2baad4b7 (patch)
tree3a42f484fe699597e68406acfb910aa1454105e4
parentda0da5eccf5f20874111e0681b111704bf9a1c92 (diff)
nspawn: always use mode 555 for /sys
When a network namespace is needed, /sys is mounted as tmpfs (see commit d8fc6a000fe21b0c1ba27f for details). But in this case mode 755 was used as initial permissions for /sys whereas the default mode for sysfs is 555. In practice using 755 doesn't have any impact because /sys is mounted read-only too but for consistency, let's use the correct mode. Fixes: #10050
-rw-r--r--src/nspawn/nspawn-mount.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 1279b9bb3e..995022272a 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -550,7 +550,7 @@ int mount_all(const char *dest,
/* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
{ "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL },
- { "tmpfs", "/sys", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "tmpfs", "/sys", "tmpfs", "mode=555", MS_NOSUID|MS_NOEXEC|MS_NODEV,
MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS },
{ "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV,
MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO }, /* skipped if above was mounted */
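Review bot: The tmpfs `/sys` entry has no comment explaining `mode=555`, and its flags (`MS_NOSUID|MS_NOEXEC|MS_NODEV`) do not include `MS_RDONLY`, so within this table the only write protection on that directory is the mode bits. The commit message says /sys ends up read-only, but the step that does so is outside the hunk. A one-line comment on the entry would record the intent, for example `/* 555 matches the sysfs default; this tmpfs is made read-only by a later step, not by these flags */`. Mode bits alone do not restrain a process holding CAP_DAC_OVERRIDE, so it is worth confirming that the read-only step always runs whenever `MOUNT_APPLY_APIVFS_NETNS` applies. The mount table and `mount_all()` begin and end outside the hunk.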